Simply Cyber Newsletter #145
Crush Your Week Like a Cyber Pro with Simply Cyber!
Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with the Simply Cyber Newsletter!
FOR END USERS
Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads. Attackers are sending fake voicemail and purchase order emails designed to trick people into downloading malware. These emails may look convincing, but the attached files are dangerous. A real voicemail notification will never arrive as a ZIP file download.
What you need to know: Educate your end users about phishing emails pretending to be voicemail messages or purchase orders. These emails often look convincing, even using company logos, and will try to get you to click a link or download a file. The goal is to install malware that allows attackers to take control of your computer.
Here’s the key reminder: if your organization sends voicemail notifications by email, show your end users exactly what they look like so they can recognize the real thing. Also, remind them that voicemails (anywhere) will never come as a ZIP file. Reinforce that if they receive an unexpected email with attachments or links, slow down, verify it through official channels, and do not download anything they are unsure about (report anything suspicious to your security team).
FOR PEERS
Over 28,000 Citrix devices vulnerable to new exploited RCE flaw. CVE-2025-7775, a critical Citrix NetScaler vulnerability, is being actively exploited as a zero-day. More than 28,000 instances remain exposed worldwide. Citrix urges immediate firmware upgrades, with no mitigations or workarounds available. Two additional high-severity flaws were also disclosed.
What you need to know: Share this story with your peers and discuss what your organization is doing to respond to high-profile zero-day vulnerabilities, even when you do not use the affected technology. Citrix has disclosed CVE-2025-7775, a remote code execution flaw already being exploited in NetScaler appliances. Over 28,000 instances are vulnerable worldwide, and Citrix has confirmed no workarounds beyond immediate firmware upgrades.
If your organization does not rely on Citrix, use this as a check-in: Are you confident your team has visibility into urgent vendor advisories for your critical technologies? How quickly can you patch if a zero-day drops tomorrow in the VPN gateways, mail servers, or remote access tools you depend on? High-profile Citrix incidents are reminders to review patch management, exposure mapping, and zero-day response playbooks across the board. End users must understand that they are truly the last line of defense in some situations.
FOR EXECUTIVES
Hackers use fake NDAs to deliver malware to US manufacturers. Hackers target American firms by starting with something as ordinary as a "Contact Us" form. They pose as potential partners, maintain conversations for weeks, then send malware disguised as non-disclosure agreements. This is a reminder that cybercriminals no longer just send mass phishing emails. They exploit how companies communicate and where ambiguity exists.
What you need to know: For executives, the question is not only "are we patched?" but "do our people know what real communication looks like?" If an executive needs sensitive information, what is the approved channel? In HR, attackers use fake resumes. In Accounting, they send counterfeit invoices. If workflows are unclear, attackers will fill in the blanks with convincing scams.
Leadership decisions here should focus on clarity and education. Set and enforce official workflows for leadership requests, HR submissions, and Accounting processes. Then, the security team should educate end users on those exact patterns so they can confidently reject anything that falls outside. Attackers succeed when employees face uncertainty. Executives can close that gap by removing ambiguity.

SIMPLY CYBER MEDIA GROUP PODCAST LINEUP

Visit https://www.youtube.com/@SimplyCyber/podcasts to check out and catch up on all of the podcasts available on Simply Cyber Media Group!
SCA COMMUNITY PRACTICAL CYBER WORKSHOP

This Tuesday at 8:30 PM EDT - Registration Required!
🔍 Want to level up your skills in cyber threat intelligence? Don’t miss the Community Practical Cyber Workshop happening tomorrow: Adversarial Mapping workshop with Jay CTI—designed to help you understand and map adversary tactics, techniques, and procedures (TTPs) to better protect your environment.
What You’ll Learn:
How to identify and map adversary tactics and techniques.
The importance of adversarial mapping in building robust defense strategies.
Hands-on techniques for improving threat intelligence workflows.
📅 Register Now: https://academy.simplycyber.io/l/pdp/workshop-adversarial-mapping-for-cyber-threat-intelligence
🔐 Get ready to defend better with smarter threat intelligence with Simply Cyber Academy!
🚀 Whether you're a beginner or a seasoned pro, this workshop is perfect for anyone looking to enhance their cybersecurity toolkit.
See you in the live workshop!
#TeamSC #cybersecurity #CTI #workshop
SIMPLY CYBER FIRESIDES
This Thursday at 4:30 PM EDT on Simply Cyber
Join Gerald Auger, Ph.D., on this episode of Simply Cyber Firesides as he sits down with Mishaal Khan, an expert in Open Source Intelligence (OSINT) and public speaking, to discuss how OSINT can elevate your public speaking skills and enhance communication in the cybersecurity field.
💡 In This Episode:
Discover how OSINT (Open Source Intelligence) can be leveraged for public speaking and storytelling in cybersecurity.
Learn practical tips for using OSINT effectively in cybersecurity investigations and real-world intelligence operations.
Understand the ethical considerations and responsibilities of using open-source intelligence in public presentations and speeches.
Live Q&A – Engage with Mishaal Khan and ask your questions on OSINT, cybersecurity, and public speaking techniques.
This episode is a must-watch for anyone interested in cybersecurity, OSINT, information gathering, and improving their public speaking skills.
Whether you're an aspiring cybersecurity professional or an experienced speaker, you'll find actionable insights and tips for mastering the art of OSINT and presenting information effectively.
We look forward to seeing you there! https://youtube.com/live/w1NyNdo961c
SC MEDIA GROUP WEEKLY EVENTS SCHEDULE
SIMPLY CYBER CON 2025
When: Sunday, Nov. 2nd & Monday, Nov. 3rd
We’re excited to share Simply Cyber Con is back for the third year in a row!
Registration is now available! Head over to the website to learn more about conference registration and training day options.
Ready to share your knowledge? Navigate to the Call For Papers section of simplycybercon.org and submit yours now!
Interested in sponsoring? Review the sponsor packet. It’s going to be the best Simply Cyber Con yet, so don’t miss out on this chance to sponsor and share your business with #TeamSC!
Stay tuned for updates! #simplycybercon
SC ACADEMY THE PLACE FOR CYBER CAREERS
At Simply Cyber Academy, we specialize in making GRC and Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.
The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have new courses covering various areas of focus in cyber available to help you advance in your career.
Check out the NEW FREE courses available in the academy and our new blog!
LET’S CONNECT
Stay current on trending topics, tips, events and resources in cybersecurity. Connect with Simply Cyber on socials for new content.
As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.
Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM Eastern on YouTube and LinkedIn.
Find more about what’s happening this week in the Simply Cyber community, below.
Thank you and see you again next week, #TeamSC!
Gerry